Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix how the client checks for presence of Upgrade: websocket, Connection: upgrade #604

Merged
merged 1 commit into from
Aug 20, 2020

Commits on Jun 28, 2020

  1. Fix how the client checks for presence of Upgrade: websocket, Connect…

    …ion: upgrade
    
    The values of the `Upgrade` and `Connection` response headers can
    contain multiple tokens, for example
    
        Connection: upgrade, keep-alive
    
    The WebSocket RFC describes the checking of these as follows:
    
       2.  If the response lacks an |Upgrade| header field or the |Upgrade|
           header field contains a value that is not an ASCII case-
           insensitive match for the value "websocket", the client MUST
           _Fail the WebSocket Connection_.
    
       3.  If the response lacks a |Connection| header field or the
           |Connection| header field doesn't contain a token that is an
           ASCII case-insensitive match for the value "Upgrade", the client
           MUST _Fail the WebSocket Connection_.
    
    It is careful to note "contains a value", "contains a token".
    
    Previously, the client would reject with "bad handshake" if the header
    doesn't contain exactly the value it looks for.
    
    Change the checks to use `tokenListContainsValue` instead, which is
    incidentally what the server is already doing for similar checks.
    bluetech committed Jun 28, 2020
    Configuration menu
    Copy the full SHA
    92a102f View commit details
    Browse the repository at this point in the history